I am working on enabling Secure connection between policy server and Oracle Ldap. Oracle LDAP 11.1.1.7 have Disabled SSL support and have enabled TLS 1.x.
I am getting following errors:
[03/13/2018][10:42:42.104][10:42:42][7674][140566360749824][SmDsLdapConnMgr.cpp:1105][CSmDsLdapConnMgr::StartCheck][][][][][][][][][][][][][][][][][][][][][Starting DsServerCheckerThread][][][][][][][][][][][][][][][][][]
[03/13/2018][10:42:42.106][10:42:42][7674][140563980470016][SmDsLdapConnMgr.cpp:758][][][][][][][][][][][][][][][][][][][][][][LogMessage:WARN:[sm-Ldap-02910] SSLv3 client protocol is disabled. If connection fails configure LDAP server to support TLS protocols.][][][][][][][][][][][][][][][][][]
[03/13/2018][10:42:42.106][10:42:42][7674][140563980470016][SmLdapPs.cpp:146][SmLdapPs::set_prldap_opt_io_max_timeout][][][][][][][][][][][][][][][][][][][][][PRLDAP_OPT_IO_MAX_TIMEOUT set to 10000 milliseconds][][][][][][][][][][][][][][][][][]
[03/13/2018][10:42:42.132][10:42:42][7674][140563980470016][SmDsLdapConnMgr.cpp:923][][][][][][][][][][][][][][][][][][][][][][LogMessage:ERROR:[sm-Ldap-01370] SmDsLdapConnMgr Bind. Server r0000jn10.bnymellon.net : 2389. Error 81-Can't contact LDAP server][][][][][][][][][][][][][][][][][]
[03/13/2018][10:42:42.251][10:42:42][7674][140565354116864][SmObjCache.cpp:524][CSmObjCache::Cleanup][][][][][][][][][][][][][][][][][][][][][Cleanup the object cache.][][][][][][][][][][][][][][][][][]
[03/13/2018][10:42:42.857][10:42:42][7674][140563959490304][SmDsLdapConnMgr.cpp:2034][CSmLdapServers::CleanupServers][][][][][][][][][][][][][][][][][][][][][Cleaned up old CSmLdapServers object][][][][][][][][][][][][][][][][][]
[03/13/2018][10:42:43.105][10:42:43][7674][140566360749824][SmDsDir.cpp:81][CSmDsDir::CSmDsDir][][][][][][][][][][][][][][][][][][][][][Return from call InitDir.][][][][][][][][][][][][][][][][][]
[03/13/2018][10:42:43.105][10:42:43][7674][140566360749824][SmDsObj.cpp:94][CSmDsObj::IsValid][][][][][][][][][][][][][][][][][][][][][Start of call IsValid.][][][][][][][][][][][][][][][][][]
[03/13/2018][10:42:43.105][10:42:43][7674][140566360749824][SmDsObj.cpp:96][CSmDsObj::IsValid][][][][][][][][][][][][][0][][][][][][][][Return from call IsValid.][][][][][][][][][][][][][][][][][]
[03/13/2018][10:42:43.105][10:42:43][7674][140566360749824][SmDsDir.cpp:89][CSmDsDir::~CSmDsDir][][][][][][][][][][][][][][][][][][][Release DS Provider handle.][][Start of call Release.][][][][][][][][][][][][][][][][][]
[03/13/2018][10:42:43.105][10:42:43][7674][140566360749824][SmDsDir.cpp:91][CSmDsDir::~CSmDsDir][][][][][][][][][][][][][][][][][][][][][Return from call Release.][][][][][][][][][][][][][][][][][]
[03/13/2018][10:42:43.105][10:42:43][7674][140566360749824][SmEmsCommandV2.cpp:1304][CSmEmsCommand::Execute][][][][][][][][][][][][][2323][][][][][][Dir='00-'. ObjDN='', RealmOid='00-'][][Return from call CSmEmsPolicyApi::Enumerate ][][][][][][][][][][][][][][][][][]
[03/13/2018][10:42:43.105][10:42:43][7674][140566360749824][SmEmsCommandV2.cpp:2157][CSmEmsCommandV2::Execute][][][][][][][][][][][][][2323][][][][][][][][Leave function CSmEmsCommandV2::Execute][][][][00:00:01.003177][][][][][][][][][][][][][]
[03/13/2018][10:42:43.105][10:42:43][7674][140566360749824][SmEmsCommandBase.cpp:231][CSmEmsCommandBase::Encode][][][][][][][][][][][][][][][][][][][][][Enter function CSmEmsCommandBase::Encode][][][][][][][][][][][][][][][][][]
[03/13/2018][10:42:43.105][10:42:43][7674][140566360749824][SmEmsCommandBase.cpp:537][CSmEmsCommandBase::traceResponse][][][][][][][][][][][][2323][][][][][][][<session=CA.XPS::Administrator@xxxxxxx=>
<command=smenumerate>
<directory = Sanjay_Ping_UserDirectory_Secure>
<status=E/0913/-13/Policy API error>
][][Processed EMS2 response.][][][][][][][][][][][][][][][][][]
LDAP Admin confirms that TLS is enabled and working.
Besides this I have created the cert.db using certutil and mentioned the same path under "smcosnole". Are there any special requirements on SHA levels for certificate.
Any thoughts what else can be checked from policy server prospective.
Thank You